Senior SCADA Network Administrator

Irvine Ranch Water District - Irvine, CA4.1

The Irvine Ranch Water District is accepting applications for a Senior SCADA Network Administrator. The successful candidate will be responsible for the design, installation, configuration, optimization, administration, maintenance, cybersecurity protection and continuous 24/7 operation of the IRWD Industrial Control System / Supervisory Control and Data Acquisition (ICS/SCADA) system.

Summary of Duties

Network, Server and SCADA Application:
Design and oversee ICS/SCADA network and server infrastructure
Evaluate and simulate the effects of patches, firmware, drivers, operating systems, and software updates in a SCADA sandbox environment.
Plan, schedule, install, configure, integrate, troubleshoot, patch, update, and maintain ICS/SCADA hardware and software to improve, secure and support continuous 24/7 operation of the ICS/SCADA infrastructure with minimum to zero downtime production environment.
Collaborate with consultants, vendors and staff members to resolve network, server and SCADA application issues. Provide advanced technical expertise and hands-on support to the Automation team and internal customer as required.
Segment network utilizing Purdue model, principles of least privilege and need-to-know basis and other best practice.
Install and configure point-to-point VPN, IPS, IDS, Firewalls and other applications to secure ICS/SCADA communication.
Develop and maintain documentation, including but not limited to ICS/SCADA architecture drawings, installation, configuration, and troubleshooting procedures.

ICS/SCADA Cybersecurity:
Lead Automation team in collaboration efforts with other cybersecurity experts, consultants and internal staff to develop well-constructed approaches to ICS/SCADA risk management, mitigation, and monitoring strategies.
Responsible to create, maintain, assess, audit and comply with applicable laws, regulatory and security policies, standards and best practice hardening guidelines of the ICS/ SCADA infrastructure utilizing
NIST Framework for Improving Critical Infrastructure Cybersecurity
NIST 800-82 - Guide to Industrial Control Systems (ICS) Security
NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations
AWWA G430-14 - American Water Works Association Security Practices for Operation and Management
Other relevant framework or standards
Utilize Kali Linux, Metasploit, Wireshark, Nessus and other tools to penetrate ICS/SCADA system to discover vulnerability and deficiency.
Educate internal staff about the risk and the steps required to close the security gap and to report cyber threats and attacks.
Develops, reviews, and implements improvements to the Backup and Disaster Recovery Plans and periodically simulate a disaster event to ensure the ICS/SCADA is able to recover from a disaster.
Maintain a performance management program with relevant key performance indicators (KPIs) and tracking mechanisms.
Review automation software and hardware histories and determine repair, system upgrades, and replacement needs Develop, and execute policies including but not limited to network reliability, SCADA cybersecurity, backup and disaster recovery.
Stay abreast with current developments and regulation changes in the automation controls, information systems technologies, cybersecurity and water utility industries in order to provide updates and recommendation to management staff.
Maintain regular contact with Operations, Maintenance, Engineering and other departments or consultants to provide as needed support and participate in cross-department projects as directed.
After hours' accessibility will be required as needed to meet District needs.
Perform other related duties as assigned.
Comply with District work-related safety practices and attend relevant safety training.

A combination of education and experience equivalent to a Bachelor's degree in Computer Science, Engineering or related field and at least five (5) years of experience in Operational Technology (ICS/SCADA) or Information Technology environment required.

Experience with the following software, hardware and protocols required:

Microsoft Windows Server and Desktop operating system
Microsoft Active Directory and Group Policy
Powershell Scripting
VMWare Hypervisor, vCenter and Microsoft Hyper-V
Industrial communication protocols, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Host Intrusion Prevent System (HIPS), Layer 7 Application Control, SNORT and Wireshark
Kali Linux or other similar distribution
Nessus, OpenVAS, Metasploit or other vulnerability management software
Radio communications equipment, Network Switches, Virtual Private Network (VPN), Routers and Firewalls
Security Information and Event Management (SIEM), Syslog and Simple Network Management Protocol (SNMP) and Trap

Experience with the following software and hardware is highly desired:
Wonderware Intouch, Application Server or other SCADA software
Schneider Modicon PLC
Microsoft SQL and Power BI
Schneider/Wonderware System Platform, Historian, InTouch and Maple Systems
Schneider Unity Pro
Python Scripting

License / Certifications Required:
Depending on assignment, a valid Class 'C' California Driver's License may be required.

Must obtain 1 or more of the following certifications within 9 months of hire date:
Cisco CCNP (Cisco Certified Network Professional)
Cisco CCNA (Cisco Certified Network Associate)
Microsoft MSCE (Microsoft System Certified Engineer)
Must obtain 1 or more of the following certifications within 9 months of hire date:
CompTIA Security+
Certified Penetration Tester (CPT)
Certified Expert Penetration Tester (CEPT)
Certified Ethical Hacker (CEH)
GIAC Industrial Cyber Security Professional (GICSP)
GIAC Critical Infrastructure Protection (GCIP)
GIAC Response and Industrial Defense (GRID)
Cisco CCNA Security (Cisco Certified Network Associate Security)
Certified Information Systems Security Professional (CISSP)
Additional Information
For a complete job description, please visit:

For more information regarding our benefits, please visit: